Discount has an Out-of-bounds Read in rdiscount_CVE-2026-35201

5.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.

Basic Information

ID CVE-2026-35201

Source GitHub_M

Published Apr 6, 2026 at 19:49

Modified Apr 7, 2026 at 16:21

Affected Product

Vendor davidfstr

Product rdiscount

Version >= 1.3.1.1, < 2.2.7.4

Affected Versions davidfstr rdiscount >= 1.3.1.1, < 2.2.7.4

CWE Classification

CWE-125

References

github.com /davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc

{
    "lastseen": "",
    "description": "Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse path. Inputs larger than INT_MAX are truncated to a signed int before entering the native parser, allowing the parser to read past the end of the supplied buffer and crash the process. This vulnerability is fixed in 2.2.7.4.",
    "published": "2026-04-06T19:49:48.806Z",
    "modified": "2026-04-07T16:21:14.803Z",
    "type": "cve",
    "title": "Discount has an Out-of-bounds Read in rdiscount",
    "source": "GitHub_M",
    "references": "https://github.com/davidfstr/rdiscount/security/advisories/GHSA-6r34-94wq-jhrc",
    "id": "CVE-2026-35201",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "davidfstr rdiscount >= 1.3.1.1, < 2.2.7.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "rdiscount",
    "version": ">= 1.3.1.1, < 2.2.7.4",
    "vendor": "davidfstr",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}